Commit Graph

37658 Commits

Author SHA1 Message Date
Blake Erickson
da839e6d26 SECURITY: Use FinalDestination for topic embeds 2020-05-27 09:26:09 -06:00
Régis Hanol
2a4db15544 FIX: don't send digests to users with no primary email
It might happen that some User records have no associated primary emails.
In which case we don't ever want to send them a digest.

Also added a new "user_email_no_email" skipped email log to ensure these cases
are properly handled and surfaced.
2020-05-27 17:09:40 +02:00
Arpit Jalan
2152e70e0d DEV: annotate models 2020-05-27 19:05:24 +05:30
Joffrey JAFFEUX
f51093dde7
FIX: correctly set values and defaults for group-form-interaction-fields (#9891) 2020-05-27 12:10:27 +02:00
Joffrey JAFFEUX
1d685c22af
REVERT: removes translate_emoji (#9889)
This API is actually used in some plugins.
2020-05-27 12:08:24 +02:00
Sam Saffron
1cf2d1f9f2
FIX: when destroying a draft always ensure saving is done
There was a race condition where drafts could be either saving
or queued to be saved and a user canceled draft leading to destroying
it.

This cancels debounce save and waits for save in the pipeline to
be over prior to firing off a DELETE on the draft
2020-05-27 18:46:19 +10:00
Sam Saffron
f41fcad6c3
FIX: opening cancel draft dialog broke autosave
cancelComposer would leak a promise that never got resolved if
you aborted cancelling a composer.

This change ensured the promise will always be resolved
2020-05-27 18:16:48 +10:00
dependabot-preview[bot]
63b3155983
Build(deps): Bump onebox from 1.9.28.2 to 1.9.28.3 (#9887)
Bumps [onebox](https://github.com/discourse/onebox) from 1.9.28.2 to 1.9.28.3.
- [Release notes](https://github.com/discourse/onebox/releases)
- [Changelog](https://github.com/discourse/onebox/blob/master/CHANGELOG.md)
- [Commits](https://github.com/discourse/onebox/compare/v1.9.28.2...v1.9.28.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-27 08:38:16 +05:30
Sam Saffron
5bfb6830c9
SECURITY: missing security check prior to redirect
In some rare cases, if a user knows the exact title of a topic
they could possibly determine that it really exists in the system
2020-05-27 10:58:22 +10:00
Martin Brennan
2d534bf2e0
FIX: Pass current_user to TopicQuery in for categories_and_top_topics (#9885) 2020-05-27 10:05:06 +10:00
Krzysztof Kotlarek
34e5f0a9a3
Revert "FEATURE: notify admins about old credentials (#9854)" (#9886)
This reverts commit 349a67bee6.
2020-05-27 09:52:53 +10:00
Kris
66ec634cb3 Composer whisper icon missing margin when editing replies 2020-05-26 19:17:09 -04:00
Jordan Vidrine
5f61deff80
FIX: updates variables for HTML to use em instead of px in font-size (#9883) 2020-05-26 17:48:35 -05:00
Krzysztof Kotlarek
349a67bee6
FEATURE: notify admins about old credentials (#9854)
* FEATURE: notify admins about old credentials

Security and API keys should be renewed periodically.
This additional notification should help admins keep their Discourse safe and secure.
2020-05-27 08:13:47 +10:00
Neil Lalonde
2c880b9bf9
FIX: wizard fails to start when default_theme_id is -1 2020-05-26 16:08:35 -04:00
Penar Musaraj
b1c726be0d
Remove support for FontAwesome 4.7 icon names (#9871) 2020-05-26 14:53:32 -04:00
Mark VanLandingham
7820686f73
FIX: Wizard previews if color step is excluded (#9881) 2020-05-26 12:56:36 -05:00
Arpit Jalan
a6189c5070 Bump onebox version
- use oEmbed for Instagram onebox
2020-05-26 22:03:51 +05:30
dependabot-preview[bot]
d38e571cba
Build(deps): Bump excon from 0.72.0 to 0.73.0 (#9228)
Bumps [excon](https://github.com/excon/excon) from 0.72.0 to 0.73.0.
- [Release notes](https://github.com/excon/excon/releases)
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt)
- [Commits](https://github.com/excon/excon/compare/v0.72.0...v0.73.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-26 12:28:28 -04:00
Gerhard Schlager
69ee94b526 FIX: XML files could be detected as SVG files 2020-05-26 18:18:20 +02:00
Jeff Wong
4dc6504234 DEV: Mark fontawesome-pro plugin as official 2020-05-26 08:50:55 -07:00
Neil Lalonde
788b8becde
Version bump to v2.5.0.beta5 2020-05-26 11:13:05 -04:00
Joffrey JAFFEUX
675e9b81c6
FIX: document.activeElement can be null on IE11 (#9880) 2020-05-26 16:51:55 +02:00
Guo Xiang Tan
26c7fa2c29
FIX: rescue_from doesn't bubble up.
See a47e0c19e6/actionpack/lib/action_controller/metal/rescue.rb (L25)
2020-05-26 22:43:29 +08:00
Joffrey JAFFEUX
253a185769
FIX: makes focust text area after complete more resilient (#9879) 2020-05-26 16:27:02 +02:00
Neil Lalonde
3d20a1143b
Update translations 2020-05-26 10:06:07 -04:00
Jarek Radosz
eb462bfb3d
FIX: Improve image downsizing script (#9549)
Correctly handles more upload formats in posts, updates post custom fields, fixes more edge cases, adds debugging capabilities. (VERBOSE=1 and INTERACTIVE=1 flags)

Includes these commits and some more:

* DEV: Show the fixed image dimensions
* FIX: Support more upload url formats
* DEV: Remove the old upload after updating posts
* FIX: Use the `process_post_#{id}` mutex
* FIX: Avoid rebaking twice
* DEV: Print out the link to the post
* DEV: Process posts chronologically
* DEV: Do a dry-run before saving, pause on any issue
* FIX: Also process deleted posts
* DEV: Make matchers case-insensitive
* DEV: Pause on "detached" uploads, add more debug info
* DEV: Print out time when finished
* DEV: Add support for WORKER_ID/WORKER_COUNT
* DEV: Fix the onebox in cooked text heuristic
* DEV: Don't report already processed posts
* DEV: Beep when done!
* DEV: Ignore issues with deleted posts
* DEV: Ignore issues with deleted topics
* DEV: Multiline SQL
* DEV: Use the bulk attribute assignment
* DEV: Add ENV["INTERACTIVE"] mode
* DEV: Handle post custom fields
* DEV: Bail on non-S3 sites
* DEV: Allow sizes smaller than 1 mpix
2020-05-26 15:38:23 +02:00
Roman Rizzi
b61a291cf3
FIX: returns false if the upload url is an invalid mailto link (#9877) 2020-05-26 10:32:48 -03:00
Bianca Nenciu
f47400475e
FEATURE: Send a private message when a group membership is accepted (#9822)
* FEATURE: Send a private message when a group membership is accepted

* DEV: Small code improvements

* FIX: Send PM as group owner

* Copy edits
2020-05-26 16:28:03 +03:00
Joshua Rosenfeld
41f742c2f9
FIX: Copyedit for the dominating topic warning 2020-05-26 07:18:36 -04:00
Sam Saffron
76c4bc925d
DEV: followup to prev commit
337bd9a0f7 did not account for optimized image being nil
2020-05-26 16:19:05 +10:00
Sam Saffron
337bd9a0f7
FIX: concurrency bug when creating topic thumbnails
We were failing erratically when backfilling topic thumbnails.

This ensures that racing threads/processes will not conflict.
2020-05-26 16:10:22 +10:00
Osama Sayegh
2211581a85
FIX: Don't responde with error 500 if domain is invalid when adding automatic membership domain (#9655) 2020-05-26 15:40:09 +10:00
Arpit Jalan
5462fe9462
FIX: do not allow tag with name 'none' (#9867)
https://meta.discourse.org/t/none-tag-is-uneditable/152003
2020-05-26 08:15:45 +05:30
Guo Xiang Tan
878f06f1fe DEV: Remove custom connection reaper.
Rails 6 fixed the reaper to use one thread to reap all the connection pools.
2020-05-26 09:09:46 +08:00
Sam Saffron
fc97f7e0e7
FIX: properly ban non human users from draft system
Previously we had a partial fix in place where non human users
were not allowed draft sequences, this left edges around where non
human users asked for drafts yet had none.

For example system could already have a few drafts in place.

This also removes and extensibility point we added that is not in use
2020-05-26 10:07:09 +10:00
Kane York
979093787f
FIX: Include lazyYT-container in cooked post HTML (#9870)
This applies the new styles without waiting for the JS to run.
2020-05-25 14:24:40 -07:00
Rafael dos Santos Silva
b48299f81c
FEATURE: Add setting to disable automatic CORS rule install in S3 buckets (#9872) 2020-05-25 17:09:34 -03:00
Joffrey JAFFEUX
d9f915b195
FIX: documentation was using incorrect function (#9876) 2020-05-25 21:55:30 +02:00
Joffrey JAFFEUX
be16205118
DEV: plugin api should have been bumped for #8825395 (#9874) 2020-05-25 21:44:15 +02:00
Vinoth Kannan
5fb9271878
DEV: ignore flair_url column in group model. (#9873) 2020-05-26 00:43:50 +05:30
Joffrey JAFFEUX
8825395bdc
DEV: allows to decorate username selector (#9869)
Usage:

```
api.addUsernameSelectorDecorator(username => {
  return iconHTML("calendar-alt");
});
```
2020-05-25 19:09:55 +02:00
Robin Ward
fd2d7ca992 FIX: Email Styles were evaluated out of order
`yield` puts the content in the template right away unless explicitly
`capture`'d.
2020-05-25 12:47:23 -04:00
Arpit Jalan
e8fb9d4066 FIX: when creating new PM username/groupname should be case-insensitive
(take 2)

https://meta.discourse.org/t/case-sensitivity-in-links-to-groupname/147596
https://meta.discourse.org/t/remove-case-sensitive-in-adding-users-to-a-message/151275
2020-05-25 21:34:05 +05:30
Arpit Jalan
302b37c805 Revert "FIX: when creating new PM username/groupname should be case-insensitive"
This reverts commit 2be79d94f5.

This is affecting multiple code path. Investigating.
2020-05-25 20:10:14 +05:30
Arpit Jalan
30849c8b37 FIX: no need for downcasing second time 2020-05-25 19:20:15 +05:30
Arpit Jalan
2be79d94f5 FIX: when creating new PM username/groupname should be case-insensitive
https://meta.discourse.org/t/case-sensitivity-in-links-to-groupname/147596
https://meta.discourse.org/t/remove-case-sensitive-in-adding-users-to-a-message/151275
2020-05-25 19:04:59 +05:30
Gerhard Schlager
631024ae5d FEATURE: Permalinks for tags 2020-05-25 14:51:01 +02:00
Sam Saffron
48fb354bce
PERF: avoid traversing DOM in loadScript
Once a script is loaded operation should be very fast.

This optimisation avoids a DOM traverse and call to getURL on
every invocation.
2020-05-25 18:19:59 +10:00
Vinoth Kannan
505122bb45 FIX: skip onceoff job for groups with invalid flair URL. 2020-05-25 13:11:00 +05:30